Everyday IT security measures for SMBs


There’s no argument about it. Cyber security is tough for small and medium-sized businesses. Most SMBs don’t have a dedicated IT staff member, meaning it falls on the owner or manager to be on top of computer security matters.

One of the key milestones in cyber security is the upcoming data breach laws in Australia. These laws, which come into effect in February 2018, mean that any organisation that is subject to the Australian Privacy Act must report any data breaches from that date to the Office of the Information Commissioner, and to the public.

Many SMBs won’t be subject to this law, which applies to organisations with a turnover of more than $3 million, but many will be. And whether or not it applies to you, the upshot is the same: if you suffer a data breach, then customers will lose trust in you and your organisation, and they will take their business elsewhere. So what can you do to ensure that you’re not hacked?

One of the first things you can do is check out the Australian Signals Directorate’s (ASD) Essential Eight. Now the ASD sounds like a pretty scary organisation. After all, they’re involved in protecting Australia from IT security threats. But they also have some practical, common-sense rules for making sure your IT systems are protected against hackers. Of the eight guidelines, the top four make for essential reading.

The first is application whitelisting. What does this mean? Whitelisting means that only approved applications can run on your systems. One of the common ways hackers get access is through malware, or malicious software, which is installed through poor browser settings and insecure programs. With whitelisting, malware is not on the approved list, so it simply cannot run on your system. If you’re unsure about whitelisting, contact your software vendor.

The other Essential rules include patching applications and operating systems. Many software vendors make this really easy by bundling security patches into software updates. It’s just a matter of clicking the update button to protect yourself.

The ASD also recommends that you restrict administrative privileges. This sounds complicated, but it’s a matter of making sure that you are the only person who can apply things like patches and software updates to your computers.

One of the most common ways that hackers gain access to systems is through the use of insecure passwords. According to the Verizon Data Breach Report 2017, a reputable publication that looks at how organisations are attacked by hackers, 61 per cent of the businesses that suffered a data breach in the last 12 months had under 1000 employees. This puts the bulk of hacking right in the middle of the SMB zone.

More importantly, the same report found that 80 per cent of hacking-related breaches came down to stolen or weak passwords. So what should you do about password security? There are numerous third party companies out there that offer password management, and their services are generally good. They encrypt passwords, manage the passwords for you, and generally make it hard for a hacker to guess what you’re using for identification.

It’s also critical that you change passwords on things like computers and WiFi routers. Out of the box, many come with a default password such as “admin,” which is easily guessed. Change it to something that someone would have a hard time guessing (so kids’ and pets’ names are out) or, as discussed above, use a password manager.

Protecting your systems also means protecting files from malware and from disaster, such as a hardware failure or the network going down. Some NAS storage solutions guard your files against hacking and against things like ransomware. Ones to look out for are those that enable you to create a ‘private cloud’ – this means being able to access your files over the network, from anywhere you need them.

Other sensible protections against hacking and data breaches include using the latest anti-virus software and keeping it updated. Anti-virus companies regularly release what are called ‘virus definitions’, which protect against the latest viruses being found on the internet. Another benefit of using anti-virus software is that it can protect against things like malware and adware, which can be used by hackers to break into your systems.

The final protection against hacking is human. Be aware of tricks like ‘phishing’, where emails that look legitimate are actually from hackers. These emails will generally ask for log-ins and passwords, so the rule of thumb is to never send your credentials in response to an email you don’t trust. Banks and other institutions will never ask for these via email, so if you’re unsure, make a phone call.

While protecting your computer systems against hacking isn’t easy for an SMB owner or manager, there are things you can do every day to make sure you’re not a victim. Be vigilant, apply patches, and educate your staff, and you’re on your way to a safer IT environment.


About the author

Brad Little is the Managing Director and President of NETGEAR ANZ